This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
Socket
socket.dev
did:plc:n6f3j47vjucu5ijwdmow7n2w
🚨 We’re seeing a widespread GitHub campaign using fake VS Code alerts + Google redirects to route developers to attacker infrastructure.
The flow adapts based on cookies and fingerprints users before serving a second-stage attack. Not your average phishing link:
https://socket.dev/blog/widespread-github-campaign-uses-fake-vs-code-security-alerts-to-deliver-malware
2026-03-25T20:39:55.456Z